Zero Day MonitorZDM

← Back to list

7.5

CVE-2026-4634EXPLOITEDPATCHED

red hat · keycloak

Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters

Description

A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimately resulting in a Denial of Service (DoS) for the Keycloak server.

Affected Products

Vendor	Product	Versions
red hat	keycloak	maven/org.keycloak:keycloak-services: < 26.5.7

References

https://access.redhat.com/errata/RHSA-2026:6475(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2026:6476(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2026:6477(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2026:6478(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/security/cve/CVE-2026-4634(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2450250(issue-tracking, x_refsource_REDHAT)

Related News (1 articles)

Tier C

VulDB4d ago

CVE-2026-4634 | Keycloak Scope excessive platform resource consumption within a loop (RHSA-2026:6477)

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

org.keycloak:keycloak-services@26.5.7

CWECWE-1050

PublishedApr 2, 2026

Last enriched4d agov2

Trending Score30

Source articles1

Independent1

Info Completeness8/14

Missing: versions, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-33540EXP

Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

HIGHCVE-2026-3872EXP

Keycloak: keycloak: information disclosure due to redirect_uri validation bypass

HIGHCVE-2026-4282EXP

Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw

HIGHCVE-2026-4636EXP

Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.

CRITICALCVE-2026-5704

Tar: tar: hidden file injection via crafted archives

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 2, 2026

Discovered by ZDM

Apr 2, 2026

Updated: severity, activelyExploited

Apr 2, 2026

Actively Exploited

Apr 3, 2026

Patch Available

Apr 3, 2026

Version History

v2

Last enriched 4d ago

v2Tier C4d ago

Updated severity to CRITICAL, marked as actively exploited, and noted no exploit is available.

severityactivelyExploited

via VulDB

v14d ago

Initial creation